Click ‘Your Certificates’, select the certificate deployed by startssl.com and then click ‘Backup’ button, save the certificate to some location. This step is very important and make sure you keep the backup safe, if you lost the certificate, you lost your account.

Once the account creation is completed, restart firefox and navigate to startssl.com again.

A list of possible email addresses associated with your domain name is shown. Select an email address for verification of domain ownership. Click ‘Continue’ button.

Login to the mailbox, grab the verification code and then input to the verification page.

Generate private key and certificate submit request with DiskStation

Now we got a working account startssl.com, continue the setup with DS207+. Before the setup, we need to pick a private samba share to store the private key and certificate generated by the diskstation, for example, a samba share named ‘private‘ is picked and the path of the share is /volume1/private.

In the ‘Ready Processing Certificate’ screen, click the ‘Continue’ again.

In the ‘Save Certificate’ screen, copy the content shown in the textbox, paste the content to notepad and then save it as ssl.crt. You should save it to the private share that we previously picked.

Also save the intermediate (sub.class1.server.ca.pem) and root CA certificates (ca.pem) to the private share as well. (Just highlight the link, right click and select ‘save hyperlink as’.

Once the 3 files is saved, click the ‘Finish’ button.

Setup Apache and Import the certificate to Diskstation

Now startssl.com is done, we go back to the diskstation and finish the setup.

Open a browser and login to the Synology Station Manager with your admin account.

Go to ‘Management’ / ‘Network Services’ / Web Services’

Click the option ‘Enable HTTPS connection’.

Click the ‘Import Certificate’ button.

For ‘Private Key:’, select the ssl.nopp.key from the private share. For ‘Certificate’, select the ssl.crt file. Click ‘OK’ button.

Done!! The diskstation is encrypted with your own, valid but free certificate!! No more reminder when browsing diskstation using https now.

Backward support for legacy browser and mobile phone In order to support some legacy browser or mobile phone, we need to adding the root and intermediate CA certificate to the Diskstation manually. If all the browsers in your orgainization already recognize startssl.com as a valid Certificate Authority, then you might skip this section.

(Noted: if you are going to install Synopass server package, procedures below are mandatory)

3 thoughts

Hi there, thanks for your thorough step my step on this as it’s exactly what I wanted.
My problem is that I do not have a valid domain as I was planning on using the new Synology DDNS subdomain. Can adding a SSL to my diskstaion still be done whilst using that subdomain? startssl wont accept subdomain validations

Hi i need urgent help, is start SSL is ok to use for commercial purpose…will it be configured on domain providr or Hosting provider… i am using crazy domain hosting and their customr care suck….i am running from piller to post for the installation… can i directly do it ..if yes ..how do i login to my server

1. I’m not sure if StartSSL allow commercial use of their free cert, please check with their customer support.
2. Pretty sure the free cert from StartSSL can deploy to your hosting provider. In case you are using shared hosting, you probably need to ask for help from the helpdesk and have them deploy the cert for you. Again, check with the CS of your hosting provider.
3. If you are not comfortable with your existing provider you may consider switching one.